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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 
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Commissioner for Patents 
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(b) All the claims are believed to be directed to a single invention. If the 
Office determines that all the claims presented are not obviously directed to a single 
invention, then Applicants will make an election without traverse as a prerequisite to the 
grant of special status. 

(c) Pre-examination searches were made of U.S. issued patents, including 
a classification search, a computer database search, and a keyword search. The searches were 
performed on or around April 30, 2004. The classification search covered Classes 709 
(subclass 220) and 713 (subclasses 165, 168, and 200), and was conducted by a professional 
search firm, Kramer & Amado, P.C. The computer database search was conducted on the 
USPTO systems EAST and WEST. The keyword search was conducted in Classes 709 
(subclasses 223 and 232) and 713 (subclasses 193 and 201). 

(d) The following references, copies of which are attached herewith, are 
deemed most closely related to the subject matter encompassed by the claims: 

(1) U.S. Patent Application No. 2001/0025346 Al ; 

(2) U.S. Patent Application No. 2003/0126441 Al; 

(3) U.S. Patent Application No. 2002/0157016 Al; 

(4) U.S. Patent No. 6,453,418 Bl; 

(5) International Patent Publication No. WO 03/029940A2. 

(e) Set forth below is a detailed discussion of references which points out 
with particularly how the claimed subject matter is distinguishable over the references. 

A. Claimed Embodiments of the Present Invention 

The claimed embodiments relate to a method and system for updating security 
information which is stored in a storage device of a server that is managed by a client. The 
client is a "diskless client" that does not include a local disk device. The security information 
in the storage device of the server is updated by a management computer connected to the 
server. One benefit is that the security information can be updated even when the operation 
of the client is halted. 

Independent claim 1 recites a method for updating information on security, in 
which a client is connected with a server through a network. The server includes a storage 
device that is managed by the client. The storage device stores security information. The 
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method comprises updating the security information stored in the storage device that the 
client manages in the server. 

Independent claim 8 recites a client connected to a server through a network. 
The server includes a storage device. The client comprises a unit managing the storage in the 
server. The storage device stores security information. The security information is updated 
without operation of the client. The client further comprises a unit referencing the security 
information. 

Independent claim 14 recites a server connected to a client through a network. 
The server comprises a unit communicating with the client through the network; and a 
storage device that is managed by the client. The storage device stores security information 
to be updated. 

Independent claim 21 recites a management computer connected through a 
network to a server. The server includes a storage device that is managed by a client. The 
storage device stores security information of the client. The management computer 
comprises a unit communicating with the server through the network; and a unit updating the 
security information of the client. 

B. Discussion of the References 

1. U.S. Patent Application No. 2001/0025346 Al 

This reference discloses security management and audit of a business 
information system in accordance with an information security policy. The security 
management system for controlling the security status of each of a plurality of managed 
systems includes a plurality of management sections corresponding to at least one managed 
system and the information security policy. Each management section controls the security 
status of the managed system corresponding thereto so as to adjust the security status to the 
information security policy corresponding thereto. A database 133 is provided for registering 
a correspondence of the information security policy. The management and audit program 
corresponding to a range of the information security policy and the object system, which are 
designated by an operator, is retrieved and automatically executed. The management and 
audit program performs a management and audit concerning an information security policy of 
an object system corresponding to itself. As shown in Fig. 1, an information security policy 
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management and audit support apparatus 31 and management and audit object computers 32 
are connected to each other through a network 33. 

The reference is directed to a security management system for controlling the 
security status of each of a plurality of managed systems. The reference does not disclose 
updating security information stored in the storage device of a server that is managed by a 
client. Nor does it disclose a diskless client or a management computer that updates the 
security information. 

2. U.S. Patent Application No. 2003/0126441 Al 

This reference discloses a single authentication for a plurality of services in a 
computing environment. When a first service of a plurality of related services is accessed, 
the user requesting access is provided with a security token that can be used by the user to 
access any one of the plurality of services on subsequent accesses. The user only needs to 
provide its authentication information once to access any number of related services. This 
eliminates the need for multiple log-ins for multiple uses of a plurality of services, thereby 
increasing speed and efficiency and reducing time and effort. In the embodiment shown, the 
user inputs the authentication information for transmission to the server 204 which, in 
response, verifies the information for the client 202. The session manager 236 of the server 
204 evaluates whether the authentication is successful. If so, the session manager 236 
establishes a session 232 and generates a security token for transmission to the client 202. 
The client 202 receives the security token for maintenance and subsequent use. 

The reference is directed to a single authentication for a plurality of services. 
The reference does not disclose updating security information stored in the storage device of 
a server that is managed by a client. Nor does it disclose a diskless client or a management 
computer that updates the security information. 

3. U.S. Patent Application No. 2002/0157016 Al 

This reference discloses a method and apparatus for data security for a 
distributed file system. Fig. 1 shows the interaction between client applications 108a, 108b 
and the distributed file system in opening files named "foo" and "bar." The client application 
108a uses the distribution file system interface 104a to open foo. The open file request is 
transmitted to the meta-data server 102, which generates an encryption key. The security 
object, along with the open file request, is transmitted to the storage server 106 as shown by 
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the ellipse 124. The security object includes a file identifier, encryption key, and a 
permission code that is associated with the client application. The security key is passed 
between components because the keys are created collaboratively, and the components will 
use them to decrypt the information. A block storage server 106 receives the security object 
and generates a list of blocks in the referenced file. The block list generally includes enough 
information for the block server to locate the data in subsequent requests from the client 
application, and the specific information is implementation dependent. The block list is then 
encrypted using the encryption key in the security object and is stored in the security object, 
and the updated security object is returned to the meta-data server 102, as shown in the 
ellipse 126. The meta-data server 102 returns the security object to the distributed file system 
interface 104a as shown by the ellipse 128. The distributed file system interface 104a returns 
a status code to the client application 108a. See [0024]-[0025]. 

The reference relates to data security provided in a distributed file system to 
avoid enforcing security at the file level. The reference does not teach updating security 
information stored in the storage device of a server that is managed by a client. Nor does it 
teach a diskless client or a management computer that updates the security information. 

4. U.S. Patent No. 6.453.418 Bl 

This reference discloses an information accessing method that permits the user 
data belonging to a client-server system 100 to be accessed by a user belonging to another 
client-server system 500 under proper security, and that controls the permission for accessing 
the user data according to the security ranks of the user whose data is to be accessed and the 
user who wants to access the data. When a client unit 20 issues a request for accessing the 
user data of the user belonging to the other client-server system, the request for access is sent 
to an ID conversion unit 15 through a user ID management unit 12. The ID conversion unit 
operates to convert a user ID into a guest ID by referring to an ID conversion table 440, and 
then sends the request for access to a user ID management unit 52. The user ID management 
unit makes sure that the guest ID is registered by referring to the user ID table. The request 
for access is sent to the user data management unit through security check units, so that the 
while or the open portion of the user data specified on the user data is allowed to be accessed. 
See column 5, line 35 to column 6, line 27. 
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The reference relates to the use of ID conversion and ID management to 
provide access by a user of one client-server system to data in another client-server system. 
The reference fails to disclose updating security information stored in the storage device of a 
server that is managed by a client. It also fails to disclose a diskless client and a management 
computer that updates the security information. 

5. International Patent Publication No. WO 03/029940A2 

This reference discloses a master policy server 101 that manages security 
policies for client computers 115-1 17, 1 19-121, 123-125 through a network of local policy 
servers 103 (managing clients 115-117), 105 (managing clients 119-121), 107 (managing 
clients 123-125). Each local policy server is responsible for the security policies on a group 
of clients and maintains a data store containing the security policies and security information 
pertaining to the client. Periodically, the master policy server and the local policy server 
synchronize, at which time the master policy server replicates updated policies to the local 
policy servers and the local policy servers upload client security statistics to the master policy 
server for consolidation into a global status. A local policy server may also request an 
updated security policy outside of the synchronization time frame. Similarly, the master 
policy server may request the client statistics from a local policy server outside of the 
synchronization time frame. 

The reference relates to a master policy server that manages security policies 
through a network of local policy servers via periodic updates. The reference does not teach 
updating security information stored in the storage device of a server that is managed by a 
client. Nor does it teach a diskless client or a management computer that updates the security 
information. 
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(f) In view of this petition, the Examiner is respectfully requested to issue 
a first Office Action at an early date. 



Respectfully submitted, 

Chun-Pok Leung 
Reg. No. 41,405 
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San Francisco, California 941 1 1-3834 

Tel: 650-326-2400 

Fax: 415-576-0300 
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